• Samba vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, December 10, 2019 12:10:06
    samba vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Samba.

    Software Description

    * samba - SMB/CIFS file, print, and login server for Unix

    Details

    Andreas Oster discovered that the Samba DNS management server
    incorrectly handled certain records. An authenticated attacker
    could possibly use this issue to crash Samba, resulting in a
    denial of service. (CVE-2019-14861)

    Isaac Boukris discovered that Samba did not enforce the Kerberos
    DelegationNotAllowed feature restriction, contrary to
    expectations. (CVE-2019-14870)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    libsmbclient - 2:4.10.7+dfsg-0ubuntu2.3
    samba - 2:4.10.7+dfsg-0ubuntu2.3

    Ubuntu 19.04
    libsmbclient - 2:4.10.0+dfsg-0ubuntu2.7
    samba - 2:4.10.0+dfsg-0ubuntu2.7

    Ubuntu 18.04 LTS
    libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14
    samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14

    Ubuntu 16.04 LTS
    libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.24
    samba - 2:4.3.11+dfsg-0ubuntu0.16.04.24

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-14861
    * CVE-2019-14870

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, December 11, 2019 12:10:03
    samba vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in Samba.

    Software Description

    * samba - SMB/CIFS file, print, and login server for Unix

    Details

    USN-4217-1 fixed several vulnerabilities in Samba. This update
    provides the corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    Andreas Oster discovered that the Samba DNS management server
    incorrectly handled certain records. An authenticated attacker
    could possibly use this issue to crash Samba, resulting in a
    denial of service. (CVE-2019-14861)

    Isaac Boukris discovered that Samba did not enforce the Kerberos
    DelegationNotAllowed feature restriction, contrary to
    expectations. (CVE-2019-14870)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4
    samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4217-1
    * CVE-2019-14861
    * CVE-2019-14870

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, January 21, 2020 20:10:03
    samba vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Samba.

    Software Description

    * samba - SMB/CIFS file, print, and login server for Unix

    Details

    It was discovered that Samba did not automatically replicate ACLs
    set to inherit down a subtree on AD Directory, contrary to
    expectations. This issue was only addressed in Ubuntu 18.04 LTS,
    Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902)

    Robert Święcki discovered that Samba incorrectly handled certain
    character conversions when the log level is set to 3 or above. In
    certain environments, a remote attacker could possibly use this
    issue to cause Samba to crash, resulting in a denial of service.
    (CVE-2019-14907)

    Christian Naumer discovered that Samba incorrectly handled DNS
    zone scavenging. This issue could possibly result in some
    incorrect data being written to the DB. This issue only applied to
    Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19344)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    samba - 2:4.10.7+dfsg-0ubuntu2.4

    Ubuntu 19.04
    samba - 2:4.10.0+dfsg-0ubuntu2.8

    Ubuntu 18.04 LTS
    samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15

    Ubuntu 16.04 LTS
    samba - 2:4.3.11+dfsg-0ubuntu0.16.04.25

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-14902
    * CVE-2019-14907
    * CVE-2019-19344

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, July 02, 2020 12:10:01
    samba vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in Samba.

    Software Description

    * samba - SMB/CIFS file, print, and login server for Unix

    Details

    Andrew Bartlett discovered that Samba incorrectly handled certain
    LDAP queries. A remote attacker could use this issue to cause
    Samba to crash, resulting in a denial of service, or possibly
    execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,
    Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10730)

    Douglas Bagnall discovered that Samba incorrectly handled certain
    queries. A remote attacker could possibly use this issue to cause
    a denial of service. (CVE-2020-10745)

    Andrei Popa discovered that Samba incorrectly handled certain LDAP
    queries. A remote attacker could use this issue to cause Samba to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu
    19.10 and Ubuntu 20.04 LTS. (CVE-2020-10760)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    samba - 2:4.11.6+dfsg-0ubuntu1.3

    Ubuntu 19.10
    samba - 2:4.10.7+dfsg-0ubuntu2.6

    Ubuntu 18.04 LTS
    samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17

    Ubuntu 16.04 LTS
    samba - 2:4.3.11+dfsg-0ubuntu0.16.04.28

    Ubuntu 14.04 ESM
    samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7

    Ubuntu 12.04 ESM
    samba - 2:3.6.25-0ubuntu0.12.04.20

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-10730
    * CVE-2020-10745
    * CVE-2020-10760

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
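
Added example, not part of the notices above: an offline audit that flags hosts whose installed samba package sorts below the fixed version in the July 2, 2020 notice, using Debian version ordering (epoch, `~`, `+esmN` suffixes). The host names and inventory rows are constructed; the `FIXED` table is copied from that notice.

```python
import re

# Fixed samba versions per release, copied from the July 2, 2020 notice.
FIXED = {
    "20.04": "2:4.11.6+dfsg-0ubuntu1.3",
    "19.10": "2:4.10.7+dfsg-0ubuntu2.6",
    "18.04": "2:4.7.6+dfsg~ubuntu-0ubuntu2.17",
    "16.04": "2:4.3.11+dfsg-0ubuntu0.16.04.28",
    "14.04": "2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7",
    "12.04": "2:3.6.25-0ubuntu0.12.04.20",
}

def _order(c):
    # Debian weights: '~' sorts before end-of-string, letters before symbols.
    if c == "~":
        return -1
    if c == "" or "0" <= c <= "9":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate between non-digit runs (weighted) and digit runs (numeric).
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not "0" <= a[i] <= "9") or \
              (j < len(b) and not "0" <= b[j] <= "9"):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        m, n = re.match(r"[0-9]*", a[i:]), re.match(r"[0-9]*", b[j:])
        x, y = int(m.group() or 0), int(n.group() or 0)
        if x != y:
            return -1 if x < y else 1
        i, j = i + m.end(), j + n.end()
    return 0

def deb_cmp(a, b):
    # Returns -1, 0 or 1: epoch first, then upstream version, then revision.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    return [h for h, rel, ver in inventory if deb_cmp(ver, FIXED[rel]) < 0]

# Constructed inventory rows: (host, Ubuntu release, installed samba version).
INVENTORY = [("fs01", "18.04", "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"),
             ("fs02", "18.04", "2:4.7.6+dfsg~ubuntu-0ubuntu2.17"),
             ("dc01", "14.04", "2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4"),
             ("fs03", "19.10", "2:4.10.7+dfsg-0ubuntu2.6")]
```

On a live host, `dpkg --compare-versions` applies the same ordering to a single pair of versions.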